One of the ways we see plugin developers try to stop improper access to files generated by their WordPress plugin is to restrict direct access to the files over the Internet through the use of access restrictions placed in a .htaccess file (as the was the case with a vulnerability we disclosed last week). The problem with this is that this only